AMENDMENTS TO THE CLAIMS

1. (Currently amended) A method for creating virtual private connections 
between end points in a shared storage area network (SAN), the method comprising:

providing a virtual connection architecture for a host initiator operatively
connected thereto, the virtual connection architecture having a virtual 
connection manager and a virtual connection cache, the virtual connection 
cache having a list of existing and previously established virtual connections, 
wherein an existing virtual connection is indicated between a specific host 
initiator and a specific target storage device, or a specific logical portion 
thereof, to provide a one-to-one relationship between a host initiator and a 
target storage device, or a logical portion thereof, for each virtual connection 
in the virtual connection cache, the host initiator generating and transmitting 
I/O commands to the virtual connection manager of the virtual connection 
architecture; 

comparing, by the virtual connection manager, source and destination information
from the I/O commands to a predetermined list of allowable connections; and 

when the source and destination information matches the predetermined list of 
allowable connections, 

determining from the virtual connection cache whether a previously 
established virtual connection exists between the source and 
destination; and

when the previously established virtual connection does not exist in
the virtual connection cache, then

determining whether a data connection between the host
initiator and a storage device indicated by the destination
information is allowable; and

creating a data connection between the host initiator and the
storage device, or a logical portion thereof, operatively
connected to the virtual connection architecture, thereby
establishing a virtual private SAN; but

when the virtual connection exists, using a virtual private SAN
indicated by the previously established virtual connection in the
virtual connection cache without again determining whether the
data connection between the host initiator and the storage
device indicated by the destination information is allowable.

2. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 1, wherein multiple virtual private
SANs function independently and substantially simultaneously within the shared SAN. 

3. (Original) The method for creating virtual private connections between end 
points in a shared SAN as recited in claim 2, wherein multiple host initiators share a 
common physical data channel. 

4. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 3, wherein the multiple host 
initiators are provided a protected end-to-end data path. 

5. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the multiple, virtual 
private SANs support at least one SAN connectivity product from the group: hubs, 
switches, gateways and routers. 

6. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the comparing 
comprises determining a level of access permission for said host initiator. 

7. (Previously presented) The method for creating virtual private connections
between end points in a shared SAN as recited in claim 6 further comprising storing 
information representative of at least one of the allowable connections. 

8. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 7, wherein the storing comprises 
storing the information in a virtual connection cache. 

9. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 8 further comprising using the 
information stored in the virtual connection cache to validate subsequent requests for 
access from the host initiator. 

10. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 8, wherein the virtual connection 
architecture comprises a virtual connection manager. 

11. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the multiple virtual 
private SANs are operable within an existing SAN without need for additional software, 
middleware, drivers, or modifications to an existing operating system. 

12. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the virtual private 
connections are fully secured independently of the security of each individual host. 

13. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the multiple virtual 
private SANs operate independently of attached storage devices. 

14. (Previously presented) The method for creating virtual private connections
between end points in a shared SAN as recited in claim 13, wherein the attached storage 
devices comprise any mixture of legacy or new technology storage devices. 

15. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the multiple virtual 
private SANs operate independently of connection interfaces and provide support for at 
least one from the group of interfaces: Fibre Channel, SCSI, other SAN interfaces. 

16. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 2, wherein the host initiator 
comprises a host initiator interface for providing a connection to the virtual connection 
architecture. 

17. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 6 further comprising providing a 
registration engine for receiving a registration command from the host initiator. 

18. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 17, wherein the registration 
command comprises at least one of the commands from the group: full registration, 
periodic registration, and de-registration commands. 

19. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 18, wherein the registration engine 
comprises a host registration service operating on the host initiator. 

20. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 18, wherein the registration 
command comprises host and initiator specific information for facilitating automatic
identification and configuration of the host and interface. 

21. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 17 further comprising periodically 
monitoring a health status of the host initiator. 

22. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 21 further comprising the issuance 
of a periodic registration command. 

23. (Previously presented) The method for creating virtual private connections 
between end points in a shared SAN as recited in claim 8 further comprising automatically 
capturing an existing SAN configuration and using the captured configuration information 
to automatically establish persistent access controls. 

24. (Currently amended) An apparatus for creating virtual private connections 
between end points in a shared storage area network comprising: 

means for establishing a virtual connection between a source and a destination, 
wherein the means for establishing the virtual connection includes a virtual 
connection manager and a virtual connection cache, the virtual connection
cache having a list of existing and previously established virtual connections, 
wherein an existing virtual connection is indicated between a specific host 
initiator and a specific target storage device, or a specific logical portion 
thereof, to provide a one-to-one relationship between a host initiator and a 
target storage device, or a logical portion thereof, for each virtual connection 
in the virtual connection cache and determining whether a previously 
established connection exists does not include determining whether the 
connection is allowable;

means for receiving I/O commands containing source and destination information;

means for comparing the source and destination information in the I/O commands to
a predetermined list of allowable data connections;

means for creating a virtual private storage area network connection between the
source and destination when the data connection is allowable but does not
exist; and

means for using the virtual private storage area network.

25. (Previously presented) The apparatus of claim 24 wherein when a virtual 
private storage area network connection is created, storing an indication of the connection 
in the virtual connection cache. 

26. (Previously presented) The apparatus of claim 24 wherein the means for 
creating a virtual private storage area network connection includes means for determining 
whether the data connection exists by reading an indication from the virtual connection 
cache. 

27. (New) A method for creating virtual private connections between end points 
in a shared storage area network (SAN), the method comprising: 

providing a virtual connection architecture for a host initiator operatively connected 
thereto, the virtual connection architecture having a virtual connection 
manager and a virtual connection cache, the host initiator generating and 
transmitting I/O commands to the virtual connection manager of the virtual 
connection architecture; the virtual connection cache having a list of existing 
and previously established virtual connections, wherein an existing virtual 
connection between a specific host initiator and a specific target storage 
device or a specific logical portion thereof provides a one-to-one relationship 
between the host initiator and the target storage device or the logical portion 
thereof, thereby allowing the virtual connection manager to execute a 
received I/O command immediately without further qualification using the
virtual private connection indicated by the previously established virtual
connection in the virtual connection cache; and

in the absence of a previously established virtual connection in the virtual
connection cache,

comparing, by the virtual connection manager, source and destination
information from the I/O commands to a predetermined list of
allowable connections; and

when the source and destination information matches the predetermined list
of allowable connections,

creating a virtual connection in the virtual connection cache between the host
initiator and a storage device, or a logical portion thereof, operatively
connected to the virtual connection architecture, thereby establishing a
virtual private SAN; and

the virtual connection now existing, using the virtual private SAN indicated by
the established virtual connection.
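
The cache-first flow recited in claim 27 can be modelled as below. This is an added illustration, not part of the filing: the class, the `revoke` helper, its evict-on-revocation behaviour and all identifiers are assumptions. It shows that a cached connection skips the allow-list comparison, so removing a pair from policy takes effect only once the cache entry is evicted as well.

```python
from dataclasses import dataclass, field

# A connection key is (host initiator, target device, logical unit).
# All identifiers used here are constructed sample values.
Key = tuple[str, str, int]

@dataclass
class VirtualConnectionManager:
    allowed: set[Key]                             # predetermined list of allowable connections
    cache: set[Key] = field(default_factory=set)  # virtual connection cache
    policy_checks: int = 0                        # number of allow-list comparisons made

    def handle_io(self, initiator: str, target: str, lun: int) -> str:
        key = (initiator, target, lun)
        # Fast path: an existing virtual connection is used without
        # comparing the pair against the allow list again.
        if key in self.cache:
            return "cached"
        # Slow path: compare source/destination with the allow list.
        self.policy_checks += 1
        if key not in self.allowed:
            return "denied"
        self.cache.add(key)  # establish the virtual connection
        return "created"

    def revoke(self, initiator: str, target: str, lun: int) -> None:
        """Assumed helper: drop the pair from policy and evict it from the cache."""
        key = (initiator, target, lun)
        self.allowed.discard(key)
        self.cache.discard(key)

def demo() -> list[str]:
    vcm = VirtualConnectionManager(allowed={("host-a", "array-1", 0)})
    out = [
        vcm.handle_io("host-a", "array-1", 0),  # first I/O: checked, then cached
        vcm.handle_io("host-a", "array-1", 0),  # second I/O: cache hit, no check
        vcm.handle_io("host-b", "array-1", 0),  # pair not on the allow list
    ]
    # Removing only the allow-list entry leaves the cached connection usable.
    vcm.allowed.discard(("host-a", "array-1", 0))
    out.append(vcm.handle_io("host-a", "array-1", 0))
    # Evicting the cache entry as well forces a fresh comparison.
    vcm.revoke("host-a", "array-1", 0)
    out.append(vcm.handle_io("host-a", "array-1", 0))
    return out

if __name__ == "__main__":
    print(demo())
```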